This role will install and configure Logstash with Wazuh templates on the hosts you selected, you can customize the installation with this vars:
- elasticsearch_network_host: defines Elasticsearch node ip address (default:
127.0.0.1). - elasticsearch_http_port: defines Elasticsearch node port (default:
9200). - elastic_stack_version: defines Logstash version to be installed.
- logstash_input_beats: defines the use of File input or Filebeat input. (defauls:
false)
Create a YAML file wazuh-logstash.yml to be used by Ansible playbook:
- hosts: logstash
roles:
- ansible-role-logstashYou can set your custom variable definitions for different environments, for example:
- For production enviroment
vars-production.yml:
elasticsearch_network_host: '10.1.1.10'
logstash_input_beats: true- For development enviroment
vars-development.yml:
elasticsearch_network_host: '127.0.0.1'
logstash_input_beats: falseNext, run the Ansible playbook:
$ ansible-playbook wazuh-logstash.yml -e@vars-production.ymlThe example above will install Logstash and configure to use 10.1.1.10 as Elasticsearch node enabling the Filebeat input.
Please review the :ref:`references <wazuh_ansible_reference_logstash>` section to see all variables available for this role.